--On 18 November 2008 06:58 -0800 john wu <[EMAIL PROTECTED]> wrote:
> Thanks a lot!
>
> Another question. In this example
> https://foo.bar.com/is/cas/serviceValidate?ticket=ST-956-Lyg0BdLkgdrBO9W17bXS
> &service=http://localhost/bling&pgtUrl=https://foo.bar.com/pgtCallback
>
> http://localhost/bling is the back-end service url and
> https://foo.bar.com/pgtCallback is the url of the service that wishes to
> proxy a client's authentication to a back-end service
>
> Is it correct?
>

I think the example you're quoting comes from here:

<http://www.ja-sig.org/wiki/display/CAS/Proxy+CAS+Walkthrough>

which is very much a pedestrian walk through of the steps involved in proxying and doesn't have all the pieces of the puzzle fully fleshed out. I can see using pgtUrl=https://foo.bar.com/pgtCallback could be confusing as it implies the pgt callback is to a different server to the one specified in 'service' (and actually implies it's the same as the CAS server, which it generally won't be). A more likely URL in a real-world situation would be:

https://foo.bar.com/is/cas/serviceValidate?ticket=ST-956-Lyg0BdLkgdrBO9W17bXS&service=https://some.other.host/my_app/bling&pgtUrl=https://some.other.host/my_app/pgtCallback

https://foo.bar.com/is/cas is where the CAS server is installed and https://some.other.host/my_app is where the application using CAS lives.

The service URL is about the original user login and where the user is redirected to post-login. The ticket that gets generated is tied to that service, which is why you need to supply the service when you are validating a ticket. The pgtUrl is where CAS needs to send the Proxy Granting Ticket. Ordinarily, those two parameters would point to different URLs within the same application, as the user will be returned to the service URL with a ticket, the ticket is exchanged for a username and a pgtIOU, and the pgtIOU can be matched against what was sent to the pgtUrl with the PGT.

Clear as mud?

Dave

----------------------
David Spencer
Information Systems and Computing
University of Bristol
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
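
The exchange described in the message above, as an added example that is not part of the original post or of any CAS client library: the application builds the serviceValidate request, its pgtUrl endpoint records the pgtIou/pgtId pair CAS sends, and the IOU in the validation response is matched against that record. The names PgtStore, validate_url and finish_login are hypothetical, the ticket values and username in the sample data are constructed, and the element and parameter names are assumed to follow the CAS 2.0 protocol.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, parse_qs

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}   # CAS 2.0 response namespace
CAS_BASE = "https://foo.bar.com/is/cas"          # CAS server, as in the message
APP_BASE = "https://some.other.host/my_app"      # CAS-using application, as in the message

def validate_url(ticket, service=APP_BASE + "/bling", pgt_url=APP_BASE + "/pgtCallback"):
    """Build the serviceValidate request; service must equal the URL used at login."""
    if not pgt_url.startswith("https://"):
        raise ValueError("pgtUrl must be HTTPS")  # CAS only calls back over HTTPS
    query = urlencode({"ticket": ticket, "service": service, "pgtUrl": pgt_url})
    return f"{CAS_BASE}/serviceValidate?{query}"

class PgtStore:
    """pgtIou -> pgtId pairs that CAS delivered to the pgtUrl endpoint."""
    def __init__(self):
        self._by_iou = {}

    def callback(self, query_string):
        """Handle CAS's GET to pgtUrl, which carries pgtIou and pgtId parameters."""
        q = parse_qs(query_string)
        if "pgtIou" in q and "pgtId" in q:
            self._by_iou[q["pgtIou"][0]] = q["pgtId"][0]

    def claim(self, iou):
        """Return the PGT for this IOU once, then forget it; None if unknown."""
        return self._by_iou.pop(iou, None)

def finish_login(xml_text, store):
    """Return (user, pgt) from a serviceValidate response, or None on failure."""
    ok = ET.fromstring(xml_text).find("cas:authenticationSuccess", CAS_NS)
    if ok is None:
        return None
    user = ok.findtext("cas:user", namespaces=CAS_NS)
    iou = ok.findtext("cas:proxyGrantingTicket", namespaces=CAS_NS)  # holds the IOU
    return user, (store.claim(iou) if iou else None)

# Constructed sample data: ticket values and username are made up.
SAMPLE_RESPONSE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jsmith</cas:user>
    <cas:proxyGrantingTicket>PGTIOU-1-constructed</cas:proxyGrantingTicket>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

if __name__ == "__main__":
    store = PgtStore()
    store.callback("pgtIou=PGTIOU-1-constructed&pgtId=PGT-1-constructed")
    print(validate_url("ST-956-Lyg0BdLkgdrBO9W17bXS"))
    print(finish_login(SAMPLE_RESPONSE, store))
```

An IOU with no matching callback record yields a username with no PGT, so the application should treat the user as logged in but unable to request proxy tickets.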
